| Index: third_party/WebKit/Source/core/layout/LayoutBox.cpp
|
| diff --git a/third_party/WebKit/Source/core/layout/LayoutBox.cpp b/third_party/WebKit/Source/core/layout/LayoutBox.cpp
|
| index 0f73e71f2bfdf2ea81033d14418d0ec145e8998f..451ee0a7e695fed86623b083bb170df5830168f1 100644
|
| --- a/third_party/WebKit/Source/core/layout/LayoutBox.cpp
|
| +++ b/third_party/WebKit/Source/core/layout/LayoutBox.cpp
|
| @@ -509,14 +509,24 @@ void LayoutBox::layout() {
|
| // an object excluding border and scrollbar.
|
| DISABLE_CFI_PERF
|
| LayoutUnit LayoutBox::clientWidth() const {
|
| - return m_frameRect.width() - borderLeft() - borderRight() -
|
| - verticalScrollbarWidth();
|
| + // We need to clamp negative values. The scrollbar may be wider than the
|
| + // padding box. Another reason: While border side values are currently limited
|
| + // to 2^20px (a recent change in the code), if this limit is raised again in
|
| + // the future, we'd have ill effects of saturated arithmetic otherwise.
|
| + return (m_frameRect.width() - borderLeft() - borderRight() -
|
| + verticalScrollbarWidth())
|
| + .clampNegativeToZero();
|
| }
|
|
|
| DISABLE_CFI_PERF
|
| LayoutUnit LayoutBox::clientHeight() const {
|
| - return m_frameRect.height() - borderTop() - borderBottom() -
|
| - horizontalScrollbarHeight();
|
| + // We need to clamp negative values. The scrollbar may be wider than the
|
| + // padding box. Another reason: While border side values are currently limited
|
| + // to 2^20px (a recent change in the code), if this limit is raised again in
|
| + // the future, we'd have ill effects of saturated arithmetic otherwise.
|
| + return (m_frameRect.height() - borderTop() - borderBottom() -
|
| + horizontalScrollbarHeight())
|
| + .clampNegativeToZero();
|
| }
|
|
|
| int LayoutBox::pixelSnappedClientWidth() const {
|
|
|
Chromium Code Reviews
Issue 2716583002:
Avoid negative content box sizes. (Closed)
